A sprawling phishing-as-a-service (PhaaS) campaign that has been running since at least last summer is using more than 20,000 fake domains to target a wide range of organizations in more than 100 countries, illustrating the capabilities of an increasingly popular tool among threat actors. The unknown hackers are using a platform called “Darcula” (sic) that..

The post ‘Darcula’ PhaaS Campaign Sinks Fangs into Victims appeared first on Security Boulevard.

The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google cybersecurity experts. In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business said they saw 97 zero-day..

The post Google: Zero-Day Attacks Rise, Spyware and China are Dangers appeared first on Security Boulevard.

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has been ongoing for at least..

The post Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework appeared first on Security Boulevard.

The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last year’s far-reaching hack of Progress Software’s MOVEit managed file transfer tool. CISA and the FBI this week issued an alert urging tech manufacturer..

The post CISA, FBI Push Software Developers to Eliminate SQL Injection Flaws appeared first on Security Boulevard.

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with..

The post Complex Supply Chain Attack Targets GitHub Developers appeared first on Security Boulevard.

The United States, the UK, and other countries this week accused a state-sponsored Chinese threat group of running a massive global hacking campaign for more than a decade that targeted political figures, journalists, businesses, political dissidents, and elections officials to steal information and spy on targets. U.S. Attorney Breon Peace called the work of the..

The post US, UK Accuse China of Years-Long Cyberespionage Campaign appeared first on Security Boulevard.

With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft and Malwarebytes in recent days have outlined various scams being used to steal sensitive information, drop malicious payloads, or make payments to fake..

The post Tax Scams Ramping Up as the April 15 Deadline Approaches appeared first on Security Boulevard.

The effects of the recent high-profile disruptions of LockBit’s and BlackCat ransomware operations by law enforcement agencies are rippling through the dark web, with smaller threat gangs looking to scoop up the larger groups’ disaffected affiliates. Law enforcement agencies in the United States, the UK, and elsewhere in recent years have aggressively targeted the most..

The post RaaS Groups Go Recruiting in Wake of LockBit, BlackCat Takedowns appeared first on Security Boulevard.

Top cybersecurity agencies in the United States and other countries are again warning critical infrastructure companies about the “urgent risk” posed by Chinese state-sponsored threat group Volt Typhoon and are recommending steps to harden their protections. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the FBI in an advisory reminded private..

The post CISA, NSA, Others Outline Security Steps Against Volt Typhoon appeared first on Security Boulevard.

Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature that uses company’s machine learning and AI capabilities and is aimed at debugging errors in production by leveraging what the vendor knows about..

The post Sentry, GitHub Use AI to Help Fix Coding Errors appeared first on Security Boulevard.